26

I recently installed Ubuntu 17.04 and I'm not able to add any PPA.
I tried to manually add keys using different keyservers, but on every attempt I get a keyserver receive error:

$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 0F164EEB

Error Received:

Executing: /tmp/apt-key-gpghome.qm2WNA0lTK/gpg.1.sh --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 0F164EEB
gpg: keyserver receive failed: No keyserver available

$ sudo apt-key adv --keyserver keys.gnupg.net --recv-keys 0F164EEB

Error Received:

Executing: /tmp/apt-key-gpghome.O681PzEx7r/gpg.1.sh --keyserver keys.gnupg.net --recv-keys 0F164EEB
gpg: keyserver receive failed: Connection refused

It is the same case with other keys. I'm not able to add any PPA.

slm
  • 369,824
mhm
  • 361
  • 1
  • 3
  • 5
  • Are you behind a firewall that might reject this protocol or that might require you to configure a proxy? – Gilles 'SO- stop being evil' Apr 27 '17 at 21:47
  • I'm using a proxy but it gave the same result even when adding the -E flag, so I don't think that is the issue here – mhm Apr 28 '17 at 07:33
  • 3
    apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys XX works for me, but it does not work without protocol part hkp://. – mvw Mar 19 '19 at 09:46
  • https://www.reddit.com/r/archlinux/comments/o5rcs6/psa_you_need_to_update_your_keyserver/ – cardamom Jul 09 '21 at 17:50
  • https://security.stackexchange.com/questions/68583/is-the-pgp-web-of-trust-keyserver-infrastructure-permanently-broken – cardamom Jul 09 '21 at 18:06

14 Answers

24

I was getting the same 'gpg keyserver connection refused' error with gpg at the command line, GPA, and KGpg. I am using gnupg 2.1.18-8 on Debian Sid. I enabled debugging in dirmngr as follows:

sudo pkill dirmngr; dirmngr --debug-all --daemon --standard-resolver

The debugging output on the console complained about the lack of a Tor connection. It turned out that "use-tor" was enabled in $HOME/.gnupg/dirmngr. (Thanks, gpgconf!) I commented it out, leaving an empty dirmngr.conf, and keyserver communications are now working normally.

10

This also happened to me when something was wrong with the DNS resolution setup. Check that there are nameservers listed in /etc/resolv.conf (also, try alternative nameservers). If you are using systemd-resolved, then make sure that /etc/resolv.conf is a symlink to /run/systemd/resolve/resolv.conf.

alexei
  • 443
10

For those of you stuck on this error after trying the above solutions, make sure that you've included the hkp:// protocol prefix before the keyserver address.

This works for me:

apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 0F164EEB

This didn't work for me:

apt-key adv --keyserver keyserver.ubuntu.com:80 --recv-keys 0F164EEB
Austin
  • 201
9

This error can also be caused if you retrieve gpg keys through tor & tor is not running.

In your system log you will see:

command 'KS_GET' failed: No keyserver available

To retrieve keys through tor set in ~/.gnupg/dirmngr.conf:

# https://gnupg.org/blog/20151224-gnupg-in-november-and-december.html
use-tor
keyserver hkp://jirk5u4osbsr34t5.onion

# https://sks-keyservers.net/overview-of-pools.php#pool_hkps
hkp-cacert /etc/ssl/CA/sks-keyservers.netCA.pem
7

One of the causes is indeed a proxy issue; see "Unable to add gpg key with apt-key behind a proxy".

You would have to use the following command:

$ sudo apt-key adv --keyserver hkps://keyserver.ubuntu.com:443 --keyserver-options http-proxy=http://myproxy:3128 --recv-keys 0F164EEB

...or a combination of curl+apt-key

  • Thank you. Your answer helped me, even though I don't use a proxy: https://unix.stackexchange.com/a/664653 – selurvedu Aug 14 '21 at 09:45
2

For your information, I've encountered the same problem:

gpg: keyserver receive failed: Connection refused

My resolv.conf contained:

nameserver 127.0.0.1
nameserver XXX.XXX.XXX.XXX
search XXX.XXX

and was immutable:

$ lsattr /etc/resolv.conf
----i---------e---- /etc/resolv.conf

Furthermore, I didn't have a DNS server bound to the loopback network interface (127.0.0.1).

So, when I tried to execute this command

apt-key adv --keyserver keyserver.ubuntu.com --recv-keys XXXXXXXXXXXXXX

apt-key only used the first nameserver that doesn't exist and failed.

I removed the immutability:

sudo chattr -i /etc/resolv.conf

I modified the first nameserver to point to a working one.

And I put the immutability back:

sudo chattr +i /etc/resolv.conf

And finally apt-key worked.

Stephen Kitt
  • 434,908
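
The local causes reported in the answers up to this point (an active use-tor line in dirmngr.conf, a missing or unreachable first nameserver, a keyserver argument without the hkp:// prefix) can be checked in one pass. This is an added example, not code from any of the answers; the function names and the sample files are made up for illustration.

```shell
#!/bin/sh
# Added example: check the local causes named in the answers above.
# File paths are parameters so the checks can be run against copies.

# True when dirmngr.conf ($1) has an active (uncommented) use-tor line.
dirmngr_uses_tor() {
    [ -r "$1" ] && grep -Eq '^[[:space:]]*use-tor([[:space:]]|$)' "$1"
}

# Print the first nameserver listed in a resolv.conf-style file ($1).
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1" 2>/dev/null
}

# True when the keyserver argument carries the hkp:// or hkps:// prefix.
has_scheme() {
    case "$1" in hkp://*|hkps://*) return 0 ;; esac
    return 1
}

# usage: triage KEYSERVER [resolv.conf] [dirmngr.conf]
# Prints one finding per line; the return status is the number of findings.
triage() {
    ks=$1; resolv=${2:-/etc/resolv.conf}; conf=${3:-$HOME/.gnupg/dirmngr.conf}
    n=0
    has_scheme "$ks" || { echo "keyserver '$ks' has no hkp:// or hkps:// prefix"; n=$((n+1)); }
    ns=$(first_nameserver "$resolv")
    case "$ns" in
        "") echo "no nameserver in $resolv"; n=$((n+1)) ;;
        127.*|::1) echo "first nameserver $ns is loopback; confirm a resolver listens there"; n=$((n+1)) ;;
    esac
    if dirmngr_uses_tor "$conf"; then
        echo "use-tor is set in $conf; dirmngr needs a running Tor"; n=$((n+1))
    fi
    return "$n"
}

# Constructed sample files (192.0.2.53 is a documentation address).
write_samples() {
    printf 'nameserver 127.0.0.1\nnameserver 192.0.2.53\n' > "$1/resolv.conf"
    printf '# constructed sample\nuse-tor\n' > "$1/dirmngr.conf"
}

[ "$#" -eq 0 ] || triage "$@"
```

Run as `sh triage.sh hkp://keyserver.ubuntu.com:80` to check the live system files; the exit status is the number of findings.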
1

SOLUTION(?): Getting same "no keyserver available" error on Parrot Security 3.6.

Used GPA v0.9.10 (Gnu Privacy Assistant).

  1. Click "Server" -> "Retrieve Keys"
  2. Enter , in your case 0F164EEB.
  3. Click "OK". Wait a bit.

If it works, you will have an entry in the "Key Manager" listing. I was able to continue with verification process from there.

slm
  • 369,824
1

Try this:

  • Step 1: Before running curl, you may want to open this directly in your browser, to check that it exists and is downloadable. 0x0F164EEB is the key you're looking for. https://keyserver.ubuntu.com/pks/lookup?search=0x0F164EEB&fingerprint=on&op=get

  • Step 2: Either command below will download the specific pub-key into target_pubkey.pgp.

    • http-proxy: If you're behind an http-proxy, such as in a company or college network, and have difficulty accessing any ports other than 80 or 443.
      curl -x http://proxy:port -o target_pubkey.pgp "https://keyserver.ubuntu.com/pks/lookup?search=0x0F164EEB&fingerprint=on&op=get"
    • socks-proxy: Or you have access to a socks-proxy; socks5h means the hostname is resolved remotely.
      curl -x socks5h://proxy:port -o target_pubkey.pgp "https://keyserver.ubuntu.com/pks/lookup?search=0x0F164EEB&fingerprint=on&op=get"
  • Step 3: Add the targeted key.
    sudo apt-key add target_pubkey.pgp

  • Step 4: Add the targeted repository.
    sudo add-apt-repository "deb https://your-targeted-repository targeted-project"

  • Step 5: Update.
    sudo apt-get update

1

Here is a quick and somewhat lazy solution that worked for me.

It doesn't resolve why the underlying problem is happening, it is simply a work around to get past the issue.

Basically, get the IP address of keyserver.ubuntu.com,

ping keyserver.ubuntu.com

Use CTRL-C to stop ping once the IP address is displayed.

Replace keyserver.ubuntu.com with its IP address.

e.g.

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7EA0A9C3F273FCD8

becomes

sudo apt-key adv --keyserver 162.213.33.8 --recv-keys 7EA0A9C3F273FCD8

This worked for me on an older distro where I didn't want to figure out the DNS issue, I just wanted to install the key.

MrJacqes
  • 111
  • 1
0

Run

sudo apt-get update

before you run

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 0F164EEB

And if you have an "echo" line before that, run another sudo apt-get update even before that:

RUN apt-get update
RUN sh -c 'echo "..." > /etc/...'
RUN apt-get update
RUN apt-key adv ...

By this, I got rid of the similar error "Cannot assign requested address":

Executing: /tmp/apt-key-gpghome.Up2U8vHXpt/gpg.1.sh --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-key C1CF6E31E6
gpg: keyserver receive failed: Cannot assign requested address
ERROR: Service 'listener' failed to build: The command '/bin/sh -c apt-key adv --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-key C1CF6E31E6' returned a non-zero code: 2

UPDATE

Most likely: server is just busy, try again

The whole idea above is likely just a placebo, since this answer to the same error, but in another context, says that this can appear when the address is just busy. Which would mean: if you have this error, just try again, and sudo apt-get update might not change anything, then. That sounds most likely.

0

I was able to use keyserver.ubuntu.com from GnuPG only after adding a hkps:// prefix and a :443 suffix:

gpg2 --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys XXXXXXXXXXXXXXXX

Replace gpg2 with apt-key adv in case you need to fetch a key for APT. In my case, I needed to import it into my user keyring for another purpose.

Thanks to Cyril Chaboisseau's answer for providing a hint.

selurvedu
  • 185
0

My solution was:

  1. change DNS to primary 8.8.8.8, secondary DNS 192.168.1.1 (local router)
  2. use gpg instead of apt-key, which is now deprecated
  3. add protocol "hkp://" and port 80 to key server address
  4. reboot

cli command:

    sudo gpg  --keyserver hkp://pgp.mit.edu:80 --recv-keys 1C61A2656FB57B7E4DE0F4C1FC918B335044912E 
[sudo] password for rd: 
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key FC918B335044912E: public key "Dropbox Automatic Signing Key <linux@dropbox.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1e
russelld
  • 101
0

Others have gone over many reasons for seeing this error message. I just ran across another:


If your host only has IPv6 access, some keyservers are IPv4 only!

Currently Ubuntu has a longstanding bug on this issue: https://answers.launchpad.net/launchpad/+question/189094

0

On Ubuntu 22.04 (and possibly in 20.04 and 18.04) just convert the key to lower case, prefix it with a 0x, fetch it via https from the intended keyserver and copy it to /etc/apt/trusted.gpg.d/ with the extension .asc - obsoletes all apt-key or gpg torture.

E.g. one may use this little ksh script as a workaround:

#!/bin/ksh93

# KEY is forced to lower case, UC to upper case on assignment.
typeset -l KEY
typeset -u UC
typeset K F
integer N=0

if [[ -z "$1" ]]; then
    print -u2 "Usage: ${0##*/} key ..."
    exit 1
fi
TMP=${ mktemp -d -p /tmp pkgkey.XXXXXX ; }
[[ -z ${TMP} ]] && exit 99

for K ; do
    KEY="$K"
    # Strip an optional 0x prefix, then accept hex digits only.
    [[ ${KEY:0:2} == '0x' ]] && KEY="${KEY:2}"
    if [[ ! ${KEY} =~ ^[0-9a-f]+$ ]]; then
        print -u2 "Ignoring invalid key '$K'."
        continue
    fi
    UC=${KEY}
    F="${TMP}/${UC}.asc"
    wget -O "$F" "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x${KEY}"
    # Keep the file only if it contains an armored public key block.
    grep -qs -- '-BEGIN PGP PUBLIC KEY BLOCK-' "$F" && (( N++ > -1 )) || rm -f "$F"
done
# Install the fetched keys only if at least one download succeeded.
(( N )) && sudo cp "${TMP}/"*.asc /etc/apt/trusted.gpg.d/
rm -rf "${TMP}"

If stored as apt-key.sh and chmod 0755 apt-key.sh one may e.g. apt-key.sh DDCAE044F796ECB0 ;-).

jelmd
  • 349
  • 2
  • 8
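
The HTTPS fetch described in the answers above installs whatever the keyserver returns for the requested ID. The sketch below adds one check before the copy into /etc/apt/trusted.gpg.d/: the downloaded file must contain exactly one primary key whose full 40-digit fingerprint equals a value obtained out of band. It is an added example, not code from any answer; the function names are made up, and the sample listing is constructed around the fingerprint quoted in an earlier answer.

```shell
#!/bin/sh
# Added example: fetch an APT signing key over HTTPS and install it only when
# its primary-key fingerprint equals a value obtained out of band.
KEYSERVER="https://keyserver.ubuntu.com"   # keyserver used on this page
DEST="/etc/apt/trusted.gpg.d"              # directory named in the answer above

# Print $1 as 40 lowercase hex digits (spaces and 0x removed); fail otherwise.
normalize_fpr() {
    f=$(printf '%s' "$1" | tr -d ' ' | tr 'A-F' 'a-f')
    f=${f#0x}
    case "$f" in *[!0-9a-f]*) return 1 ;; esac
    [ "${#f}" -eq 40 ] && printf '%s\n' "$f"
}

# Read `gpg --with-colons` output on stdin; print each primary key's
# fingerprint (field 10 of the fpr record that follows a pub record).
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print tolower($10); want = 0 }'
}

# Succeed only if stdin lists exactly one primary key with fingerprint $1.
fpr_matches() {
    want=$(normalize_fpr "$1") || return 2
    got=$(primary_fprs)
    [ "$got" = "$want" ]
}

# Download the key for fingerprint $1; install it only if the check passes.
fetch_and_install() {
    fpr=$(normalize_fpr "$1") || { echo "need a 40-digit fingerprint" >&2; return 2; }
    tmp=$(mktemp) || return 1
    curl -fsS -o "$tmp" "$KEYSERVER/pks/lookup?op=get&search=0x$fpr" &&
    gpg --show-keys --with-colons "$tmp" | fpr_matches "$fpr" &&
    sudo install -m 0644 "$tmp" "$DEST/$fpr.asc"
    rc=$?; rm -f "$tmp"; return "$rc"
}

# Constructed colon listing (fields trimmed); the subkey values are dummies.
sample_listing() {
    cat <<'EOF'
pub:-:2048:1:FC918B335044912E:
fpr:::::::::1C61A2656FB57B7E4DE0F4C1FC918B335044912E:
sub:-:2048:1:0000000000000000:
fpr:::::::::0000000000000000000000000000000000000000:
EOF
}

[ "$#" -eq 0 ] || fetch_and_install "$@"
```

An 8-digit ID such as 0F164EEB is rejected by normalize_fpr, so the script only runs when the caller supplies the full fingerprint to compare against.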